Slashdot Mirror


FBI Files Brief on Scarfo Keylogger

Firewort writes: "In an affidavit (warning, it's a PDF) filed with a federal court in New Jersey, the FBI has disclosed some of the details of a controversial "key logger system" used to obtain the encryption password of a criminal suspect. They go into great detail describing PGP and the different methods they might have used to keystroke-log Scarfo to get his encryption key." Interesting, and more technically sophisticated than the basic keyloggers which grab keystrokes indiscriminately.

12 of 249 comments

  1. keystroke blackbox by simetra · · Score: 2, Interesting

    I suspect it's only a matter of time before motherboards come equipped with a "blackbox" type of thing, similar to a flight data recorder. They could store, say, the last 10,000 keystrokes on any keyboard. Does such a thing exist?

    --

    "Would it kill you to put down the toilet seat?" -- Maya Angelou
  2. More keyboard logging by Spootnik · · Score: 2, Interesting

    Speaking of "if you are important enough" and "all it takes is application of resources", I was recently reading through some of the briefs in the US v. Scarfo case. It sounded to me like the FBI got frustrated with his use of PGP and went with the keylogger approach. I was under the impression that the government had the resources to actually break some of the encryption schemes that are lawfully available in the US. It takes them time and a lot of computer horsepower, but I thought they could do it. It seems that the FBI didn't want to have to use all these resources in the Scarfo case and take the time to do it that way, so they used a logger. The material I was reading came from www.epic.org. It was interesting.

  3. Scarfo's Password by billnapier · · Score: 3, Interesting

    Anybody out there know what it was? The affidavit implies that it was put into court records at some point in time (at least the output of the KLS was). Just curious, thinking it's something like NickyS or BaddaBing.

    1. Re:Scarfo's Password by morcheeba · · Score: 4, Interesting

      nds09813-050 -- the prison identification number of Scarfo's father.

  4. Ctrl-V ? by simetra · · Score: 3, Interesting

    Even if a keystroke logger recorded every single keystroke... if you were to copy and paste a password, say you put it in a text file on a floppy on a different computer.... wouldn't this render the keystroke logger useless? It would have to also record the contents of the "clipboard", no?

    --

    "Would it kill you to put down the toilet seat?" -- Maya Angelou
    1. Re:Ctrl-V ? by jedwards · · Score: 2, Interesting

      You can cut and paste the characters from an innocent copy of 'Alice's Adventures in Wonderland'.

    2. Re:Ctrl-V ? by 4mn0t1337 · · Score: 3, Interesting

      passphrase lying around in a text file

      Yeah, but how many millions of phrases are on your computer? The one that is your passphrase doesn't have to be obvious. (ie, brute force attack with the entire contents of the drive should slow someone down.)

      But, even better, you don't even have to leave the phrase laying about for longer than a few seconds. Just open up a web page, select a few chars of the password, and paste them to a temp file. Open up another page and copy another block of chars and paste that to the file. Keep doing this until you have a complete password, copy it and close the file w/o saving.

      Anything that is recording your input stream from the keyboard is just going to see you just web surfing and doing a lot of copy and paste.

      --

      ______
      Once: you're a philosopher. Twice: a pervert.

    3. Re:Ctrl-V ? by linuxrunner · · Score: 2, Interesting

      Yeah, just keep a copy of the GNU-GPL lying around.. (I do) and copy and paste a line (long line) out of that!

      Linuxrunner

      --
      www.slightlycrewed.com - Because aren't we all?
  5. Re:A simple keystroke logger can be elegant, too by Stonehand · · Score: 2, Interesting

    Maybe put a barcode on rice paper, then. *shrug*

    --
    Only the dead have seen the end of war.
  6. Re:Doesn't it seem strange by kevinank · · Score: 3, Interesting

    True, but that does not mean that they are not going to break the rules. The knowledge that they couldn't use the evidence would in no way deter them from collecting it.

    Unlike your local PD, the FBI risks a lot more harm than possible benefit from such a strategy. All it would take is one whistleblower to make the whole thing blow up in their faces. I suspect that if the FBI says they are using those communication restraints it is because they are. Even the political damage, much less the criminal liability of lying to the courts, would be overwhelmingly more costly than losing this relatively unimportant case.
    --
    LibBT: BitTorrent for C - small - fast - clean (Now Versio
  7. okay let me get this straight by Dr. Awktagon · · Score: 3, Interesting

    Did anyone read that whole thing? It seems that the FBI had a keystroke logger that only came on when the modem was off, with the belief, I assume, that the computer isn't a communication device unless the modem is on.

    So then the wiretap laws wouldn't apply when the modem is off? Is my interpretation correct?

    Strange loophole..

  8. Re:Bypassing the keylogger by jeffy124 · · Score: 3, Interesting

    Actually, from the looks of the brief, there are a few ways to circumvent their device. To me, it appears the key (no pun intended) to thwarting this lies in that the logger is only active while the modem is active, meaning you have to be online in order to have your keys logged.

    Option #1
    Some have suggested saving that phrase in a text file and then copy/paste from there would work, except that your passphrase is now in clear text on your hard disk. Any search warrant against your machine would find that file, and your private key becomes compromised.

    Solution there is to open a text editor before going online, entering the passphrase there. Go online. Get the mail and then copy/paste the passphrase, close text editor w/o saving.

    Option #2
    Download the email off the mail server (ie, POP it off the server). Go offline. Enter passphrase and read message.

    Likewise, don't write emails while online. Write and encrypt first, then go online to send. The keylogger appears to be able to pick up your typing of the message if you're online as you write it. (This also saves you $$$ if your ISP is cheap enough to still be charging per hour rates!)

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.